Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. when installing Microsoft Word or Excel Add-In

Due to the deprecation of TLS 1.0 some users may encounter an issue when deploying or installing CRM Microsoft Word and/or Excel Add-In components.

Article
Number:118380

Products:

Blackbaud_CRM

This is a result of recent TLS security changes made to meet new PCI compliance regulations, to see more about TLS click here.

The error occurs as a result of TLS 1.0 being disabled. To resolve this issue your organization’s IT department will need to review the below details regarding registry key additions that will need to be added to individual workstations. These changes will need to be performed by your organization.

Blackbaud always recommends having a valid, restorable backup for any component of your environment before making changes. Many of the server configurations require registry settings to enable or activate. Staff should be familiar with making changes to the registry. Ensure you have a plan to, and can, revert any changes to a previous, working state if there are problems. There are multiple ways to change or add registry settings including (but not limited to) manually adding via the registry editor or via PowerShell or Microsoft Group Policy. Your organization should review the recommended changes below and evaluate the best method to make the changes on the required workstations.

Update the .NET Framework

To update the .NET Framework to support vTLS 1.2, first determine your .NET version number. (For help, see KB 318785.) Earlier versions of the .NET Framework may require updates or registry changes to enable strong cryptography.Use these guidelines:

The .NET Framework 4.6 and earlier versions must be updated to support TLS v1.1 and TLS v1.2.

The .NET Framework 4.6.2 supports TLS v1.1 and TLS v1.2.

If you're using the .NET Framework 4.5.1 or 4.5.2 on Windows 8.1, Windows RT 8.1, or Windows Server 2012, the relevant updates and details are also available from the Download Center.

The .NET Framework 4.6.1 and earlier versions must be configured to support strong cryptography. Set the SchUseStrongCrypto registry setting to DWORD:00000001. This disables the RC4 stream cipher and requires a restart. To learn more about this setting, see Microsoft Security Advisory 296038.